Reputation: 751
I'm making a JavaScript game where the player builds up a score against a countdown timer. When the timer runs out, I display a form that shows the score and lets the user enter their username (arcade style). I'm going to use the POST method to send the user's score to a PHP file that will store it somehow (database, text file, or something). How do I prevent people from fiddling with the JS code and passing some new value through that isn't the correct score (or something that isn't malicious)?
At the very least, what are the safest methods on the PHP/receiving end to at least only accept an integer value?
Upvotes: 0
Views: 55
Reputation: 53831
That's a well-known and difficult problem. I'm not sure it ever has a good solution. The user is the client, and the client is JS, so they have 100% control over what's sent to the server.
The only thing you can do, and enforce, is server-side validation. Don't just send the score. Send the path, the method, the steps, etc. Starting a session/game/level should also happen on the server, because the timestamp could be faked from the client.
You can make the whole game in JS, but start and end it on the server and remember all the steps. This might mean double step/path validation: JS (instantly) and server.
(I had the same problem with http://games.webblocks.nl/110, which stores steps (clicks) in g_stack.)
Upvotes: 2
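The approach described in the answer above, as an added example that is not part of the original thread: the server starts the game, records the start time itself, and recomputes the score by replaying the submitted steps instead of trusting a posted number. It assumes a Node.js back end rather than PHP so the replay can reuse the game's JavaScript rules; the 3x3 board, the timing constants and all function names are hypothetical.

```javascript
// Added example: hypothetical game rules and names, not from the thread.
const crypto = require("crypto");

const ROUND_MS = 30000;   // assumed countdown length
const GRACE_MS = 2000;    // allowance for network latency
const MIN_GAP_MS = 50;    // assumed fastest plausible interval between clicks
const CELLS = 9;          // assumed 3x3 board
const games = new Map();  // gameId -> { seed, startedAt, done }

// Deterministic target cell for step i, derived from the per-game seed.
function targetCell(seed, i) {
  const h = crypto.createHash("sha256").update(`${seed}:${i}`).digest();
  return h[0] % CELLS;
}

// The server starts the game, so the start timestamp cannot be faked.
function startGame(now = Date.now()) {
  const gameId = crypto.randomBytes(16).toString("hex");
  const seed = crypto.randomBytes(16).toString("hex");
  games.set(gameId, { seed, startedAt: now, done: false });
  return { gameId, seed };
}

// The client sends its steps, never a score; the server replays them.
function finishGame(gameId, username, steps, now = Date.now()) {
  const game = games.get(gameId);
  if (!game || game.done) return { ok: false, error: "unknown or finished game" };
  game.done = true; // one submission per game, even if it fails validation
  if (now - game.startedAt > ROUND_MS + GRACE_MS) return { ok: false, error: "too late" };
  if (typeof username !== "string" || !/^[A-Za-z0-9_]{1,12}$/.test(username))
    return { ok: false, error: "bad username" };
  if (!Array.isArray(steps) || steps.length > ROUND_MS / MIN_GAP_MS)
    return { ok: false, error: "bad steps" };
  let score = 0, lastT = -MIN_GAP_MS;
  for (let i = 0; i < steps.length; i++) {
    const { t, cell } = steps[i] ?? {};
    // Strict integer checks: strings such as "10" are rejected, not coerced.
    if (!Number.isInteger(t) || !Number.isInteger(cell)) return { ok: false, error: "bad step" };
    if (cell < 0 || cell >= CELLS || t > ROUND_MS || t - lastT < MIN_GAP_MS)
      return { ok: false, error: "implausible step" };
    lastT = t;
    if (cell === targetCell(game.seed, i)) score++;
  }
  return { ok: true, username, score }; // score computed server-side only
}
```

A client that knows the rules can still submit a perfect but plausible step list, so this bounds what a forged score can be rather than eliminating forgery.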